<?php
$conn = mysql_connect("localhost", "root", "");
if (!$conn) {
    echo "Unable to connect to DB: " . mysql_error();
    exit;
} 
if (!mysql_select_db("login")) {
    echo "Unable to select login: " . mysql_error();
    exit;
}
session_start();
$username=$_POST['username'];
$password=$_POST['password'];
if(get_magic_quotes_gpc() == false){
	$username=trim(mysql_real_escape_string($username));
	$password=trim(mysql_real_escape_string($password));
}
$sql=sprintf("SELECT * FROM users
						WHERE username='%s' AND password='%s'",$username,$password);
$user=mysql_query($sql);
$row_user=mysql_fetch_assoc($user);
$totalRows_user=mysql_num_rows($user);
if($totalRows_user==1){
	$_SESSION['kt_login_id']=$row_user['idUser'];
	$_SESSION['kt_login_user']=$row_user['Username'];
	if((isset($_SESSION['back'])==true)&&($_SESSION['back']!="")){
		$back=$_SESSION['back'];
		unset($_SESSION['back']);
		header("location:".$back);
	}
	else header("location: thanhcong.php");
}
?>